authorPaul Buetow <paul@buetow.org>2025-07-31 14:02:21 +0300
committerPaul Buetow <paul@buetow.org>2025-07-31 14:02:21 +0300
commit04cbbb338462968f63ca69c95223dea28252168d (patch)
treefac160090cc68b9aff44b1aef0e9fbab1d261d32 /frontends
parentd0a0804fbfcade7893c5c215ea4b2fea830efbd3 (diff)
Update
Diffstat (limited to 'frontends')
-rw-r--r--frontends/scripts/acme.sh.tpl27
1 files changed, 22 insertions, 5 deletions
diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl
index 2136f19..8d30609 100644
--- a/frontends/scripts/acme.sh.tpl
+++ b/frontends/scripts/acme.sh.tpl
@@ -2,18 +2,35 @@
MY_IP=`ifconfig vio0 | awk '$1 == "inet" { print $2 }'`
-function handle_cert {
+# New hosts may not have a cert, just copy foo.zone as a
+# placeholder, so that services can at least start proprely.
+# cert will be updated with next acme-client runs!
+ensure_placeholder_cert () {
host=$1
- host_ip=`host $host | awk '/has address/ { print $(NF) }'`
- if [ "$MY_IP" != "$host_ip" ]; then
- echo "Not serving $host, skipping..."
- return
+ copy_from=foo.zone
+
+ if [ ! -f /etc/ssl/$host.crt ]; then
+ cp -v /etc/ssl/$copy_from.crt /etc/ssl/$host.crt
+ cp -v /etc/ssl/$copy_from.fullchain.pem /etc/ssl/$host.fullchain.pem
+ cp -v /etc/ssl/private/$copy_from.key /etc/ssl/private/$host.key
fi
+}
+
+handle_cert () {
+ host=$1
+ host_ip=`host $host | awk '/has address/ { print $(NF) }'`
+
grep -q "^server \"$host\"" /etc/httpd.conf
if [ $? -ne 0 ]; then
echo "Host $host not configured in httpd, skipping..."
return
fi
+ ensure_placeholder_cert "$host"
+
+ if [ "$MY_IP" != "$host_ip" ]; then
+ echo "Not serving $host, skipping..."
+ return
+ fi
# Create symlink, so that relayd also can read it.
crt_path=/etc/ssl/$host
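Review bot: `ensure_placeholder_cert` tests only `/etc/ssl/$host.crt` but then copies all three files, so a host that already has `/etc/ssl/private/$host.key` and no certificate yet (a first issuance that failed part-way would presumably look like this) gets its private key silently replaced by foo.zone's. The key copy also takes whatever mode the current umask gives, none of the `cp` calls is checked, and `$host` is unquoted in every path although the call site quotes it. I would copy only when neither the certificate nor the key exists, stop on the first failed copy, and create the key owner-only, as sketched below. It is also worth stating in the function comment that every placeholder host shares foo.zone's private key and presents a certificate for the wrong name until acme-client replaces it.

```shell
ensure_placeholder_cert () {
    host=$1
    copy_from=foo.zone

    # Never overwrite existing key material: act only when both the
    # certificate and the private key are missing.
    if [ ! -f "/etc/ssl/$host.crt" ] && [ ! -f "/etc/ssl/private/$host.key" ]; then
        cp -v "/etc/ssl/$copy_from.crt" "/etc/ssl/$host.crt" || return 1
        cp -v "/etc/ssl/$copy_from.fullchain.pem" "/etc/ssl/$host.fullchain.pem" || return 1
        # Owner-only mode, independent of the caller's umask.
        install -m 0600 "/etc/ssl/private/$copy_from.key" "/etc/ssl/private/$host.key" || return 1
    fi
```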